def changepw(user_id):
    """Show and process the change-password form for the account ``user_id``.

    Aborts with 401 unless the caller is an admin or is acting on their own
    account, and with 404 when no user has that id. On a valid submission the
    submitted current password is hashed with the target account's login and
    compared with the stored value; only on a match is the new hash stored
    and committed. After a successful change admins are redirected to
    ``users.index`` and everyone else to ``general.index``; otherwise the
    form is rendered again.
    """
    # NOTE(review): indentation was lost in this listing. The redirect is
    # assumed to follow a successful change only -- confirm against the file.
    # NOTE(review): route/login decorators are not visible here; this assumes
    # current_user is an authenticated user exposing is_admin and id.
    # 401 is what the code sends for a permission failure; 403 is the usual
    # status for an authenticated caller who lacks the right.
    if not (current_user.is_admin or user_id == current_user.id):
        abort(401)

    account = User.query.get(user_id)
    if not account:
        abort(404)

    form = ChangePasswordForm()
    if form.validate_on_submit():
        # The current-password check applies to admins editing another
        # account as well: the hash is derived from the target's login.
        submitted_hash = hash_password(account.login, form.current_password.data)
        # NOTE(review): a plain equality test on password hashes is not
        # constant-time. hmac.compare_digest is the usual replacement, but it
        # needs both operands to be the same type -- check what hash_password
        # and the model column return before switching.
        if submitted_hash == account.password:
            account.password = hash_password(account.login, form.password.data)
            db.session.add(account)
            db.session.commit()
            flash(gettext('Password changed successfully'))
            landing = 'users.index' if current_user.is_admin else 'general.index'
            return redirect(url_for(landing))
        flash(gettext('Current password doesn\'t match'))

    return render_template('users/change_password.html', form=form, user=account)
def add():
    """Admin-only view that creates a user account from ``NewUserForm``.

    Non-admin callers get 401. A valid submission stores the new user (with
    the password hashed via ``hash_password(login, password)``), flashes a
    confirmation and redirects to ``users.index``. Otherwise the timezone and
    locale fields are set from ``get_timezone()`` / ``get_locale()`` and the
    form is rendered.
    """
    # NOTE(review): route/login decorators are not visible in this listing;
    # this assumes current_user is an authenticated user exposing is_admin.
    if not current_user.is_admin:
        abort(401)

    form = NewUserForm()
    if not form.validate_on_submit():
        # Runs for the initial GET and for a rejected POST alike, so these
        # two fields are overwritten whenever validation fails.
        form.timezone.data = str(get_timezone())
        form.locale.data = str(get_locale())
        return render_template('users/new.html', form=form)

    # NOTE(review): no uniqueness check on login or e-mail is done in this
    # view; presumably the form or the model enforces it -- confirm.
    account = User(
        login=form.login.data,
        email=form.email.data,
        password=hash_password(form.login.data, form.password.data),
    )
    # Copy the remaining profile fields straight from the form, in the same
    # order the attributes were assigned originally.
    for field_name in ('active', 'account_type', 'locale', 'timezone',
                       'first_name', 'last_name'):
        setattr(account, field_name, getattr(form, field_name).data)

    db.session.add(account)
    db.session.commit()
    flash(gettext(u'User added successfully'))
    return redirect(url_for('users.index'))
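def login():
    """Sign a user in from ``LoginForm`` and redirect to ``general.index``.

    An already authenticated ``g.user`` is redirected immediately. On a valid
    submission the account is looked up by login and the submitted password,
    hashed with the submitted username, is compared with the stored hash.
    An unknown login and a wrong password produce the same 'Invalid
    credentials' message. If ``login_user`` refuses the account, 'Cannot sign
    in' is flashed. In every non-redirect case the login page is rendered.
    """
    if g.user is not None and g.user.is_authenticated():
        return redirect(url_for('general.index'))

    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter(User.login == form.username.data).first()
        # Hash before inspecting the lookup result, so a request for an
        # unknown login does the same work as one for a known login.
        # Skipping the hash for unknown logins lets response time reveal
        # which logins exist, even though the flashed message is identical.
        submitted_hash = hash_password(form.username.data, form.password.data)
        # NOTE(review): `!=` on password hashes is not constant-time.
        # hmac.compare_digest is the usual replacement, but it needs both
        # operands to be the same type -- check what hash_password and the
        # model column return before switching.
        # NOTE(review): no attempt throttling or lockout is visible in this
        # view; confirm it is enforced elsewhere.
        if not user or user.password != submitted_hash:
            flash(gettext('Invalid credentials'), 'danger')
        elif login_user(user):
            flash(gettext('You have been successfully signed in'), 'success')
            session['remember_me'] = form.remember_me.data
            return redirect(url_for('general.index'))
        else:
            # This view never reads user.active itself; login_user() is the
            # only gate left for accounts that must not sign in.
            flash(gettext('Cannot sign in'), 'danger')

    return render_template('users/login.html',
                           form=form,
                           hide_sidebar=True,
                           hide_header=True,
                           class_body='bg-black',
                           class_html='bg-black')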
def add():
    """Admin-only view that creates a user account from ``NewUserForm``.

    Non-admin callers get 401. A valid submission stores the new user (with
    the password hashed via ``hash_password(login, password)``), flashes a
    confirmation and redirects to ``users.index``. Otherwise the timezone and
    locale fields are set from ``get_timezone()`` / ``get_locale()`` and the
    form is rendered.
    """
    # NOTE(review): route/login decorators are not visible in this listing;
    # this assumes current_user is an authenticated user exposing is_admin.
    if not current_user.is_admin:
        abort(401)

    form = NewUserForm()
    if not form.validate_on_submit():
        # Runs for the initial GET and for a rejected POST alike, so these
        # two fields are overwritten whenever validation fails.
        form.timezone.data = str(get_timezone())
        form.locale.data = str(get_locale())
        return render_template('users/new.html', form=form)

    # NOTE(review): no uniqueness check on login or e-mail is done in this
    # view; presumably the form or the model enforces it -- confirm.
    account = User(
        login=form.login.data,
        email=form.email.data,
        password=hash_password(form.login.data, form.password.data),
    )
    # Copy the remaining profile fields straight from the form, in the same
    # order the attributes were assigned originally.
    for field_name in ('active', 'account_type', 'locale', 'timezone',
                       'first_name', 'last_name'):
        setattr(account, field_name, getattr(form, field_name).data)

    db.session.add(account)
    db.session.commit()
    flash(gettext(u'User added successfully'))
    return redirect(url_for('users.index'))
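def login():
    """Sign a user in from ``LoginForm`` and redirect to ``general.index``.

    An already authenticated ``g.user`` is redirected immediately. On a valid
    submission the account is looked up by login and the submitted password,
    hashed with the submitted username, is compared with the stored hash.
    An unknown login and a wrong password produce the same 'Invalid
    credentials' message. If ``login_user`` refuses the account, 'Cannot sign
    in' is flashed. In every non-redirect case the login page is rendered.
    """
    if g.user is not None and g.user.is_authenticated():
        return redirect(url_for('general.index'))

    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter(User.login == form.username.data).first()
        # Hash before inspecting the lookup result, so a request for an
        # unknown login does the same work as one for a known login.
        # Skipping the hash for unknown logins lets response time reveal
        # which logins exist, even though the flashed message is identical.
        submitted_hash = hash_password(form.username.data, form.password.data)
        # NOTE(review): `!=` on password hashes is not constant-time.
        # hmac.compare_digest is the usual replacement, but it needs both
        # operands to be the same type -- check what hash_password and the
        # model column return before switching.
        # NOTE(review): no attempt throttling or lockout is visible in this
        # view; confirm it is enforced elsewhere.
        if not user or user.password != submitted_hash:
            flash(gettext('Invalid credentials'), 'danger')
        elif login_user(user):
            flash(gettext('You have been successfully signed in'), 'success')
            session['remember_me'] = form.remember_me.data
            return redirect(url_for('general.index'))
        else:
            # This view never reads user.active itself; login_user() is the
            # only gate left for accounts that must not sign in.
            flash(gettext('Cannot sign in'), 'danger')

    return render_template('users/login.html',
                           form=form,
                           hide_sidebar=True,
                           hide_header=True,
                           class_body='bg-black',
                           class_html='bg-black')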
def register():
    """Self-service sign-up view, available only when registrations are on.

    Returns 404 unless the ``ALLOW_REGISTRATIONS`` config value is truthy.
    On a valid ``NewUserForm`` submission whose e-mail is not yet registered,
    a user is created with ``active=ACCOUNT_DISABLED``, committed, and a
    welcome mail is sent; the flashed message depends on whether
    ``send_email`` reported success, and the caller is redirected to
    ``users.login``. An ``OperationalError`` becomes a flashed message plus
    redirect when ``DEBUG`` is set, and a 500 otherwise.
    """
    if not app.config.get('ALLOW_REGISTRATIONS'):
        abort(404)

    form = NewUserForm()
    if form.validate_on_submit():
        try:
            # Only the e-mail address is checked for an existing account.
            # NOTE(review): a duplicate login is not checked in this view;
            # presumably the form or a database constraint covers it. Any
            # resulting error other than OperationalError is not handled
            # here -- confirm.
            # The message below confirms to the submitter that an address is
            # registered.
            if User.query.filter(User.email == form.email.data).first():
                flash(gettext('Email address already registered'))
            else:
                user = User(
                    login=form.login.data,
                    email=form.email.data,
                    password=hash_password(form.login.data, form.password.data),
                    active=ACCOUNT_DISABLED,
                )
                user.first_name = form.first_name.data
                user.last_name = form.last_name.data
                user.locale = str(get_locale())
                user.timezone = str(get_timezone())

                db.session.add(user)
                db.session.commit()

                # Build the welcome mail pieces in the original order.
                subject = gettext('Welcome to %(appname)s',
                                  appname=app.config.get('APP_TITLE'))
                sender = app.config.get('MAIL_SENDER')
                recipients = [form.email.data]
                text_body = render_template('users/mail_register.txt', user=user)
                html_body = render_template('users/mail_register.html', user=user)
                delivered = send_email(subject, sender, recipients, text_body, html_body)

                if delivered:
                    message = gettext('Account created successfully. Please check your email for instructions on activating your account')
                else:
                    message = gettext('Account created successfully but there were server-side errors while sending the email activation code. Your account needs to be manually activated.')
                flash(message)

                # NOTE(review): indentation was lost in this listing. The
                # redirect is assumed to belong to the account-created
                # branch -- confirm against the original file.
                return redirect(url_for('users.login'))
        except OperationalError:
            # The database hint is shown only in DEBUG; otherwise a bare 500.
            # NOTE(review): the session is not rolled back here.
            if not app.config.get('DEBUG'):
                abort(500)
            flash(gettext('Error creating user. Database not set'))
            return redirect(url_for('users.login'))

    return render_template('users/register.html',
                           form=form,
                           hide_sidebar=True,
                           hide_header=True,
                           class_body='bg-black',
                           class_html='bg-black')
#!/usr/bin/env python
# Bootstrap script: creates the web UI tables and seeds one superuser account.
# The print/except forms below parse the same under Python 2 and Python 3.
import os
import sys

# Make the parent of this script's directory importable so that the
# ``aleph`` package resolves when the script is run directly.
CURRENT_DIR = os.path.abspath(os.path.dirname(__file__))
PACKAGE_DIR = os.path.abspath(os.path.join(CURRENT_DIR, os.pardir))
sys.path.append(PACKAGE_DIR)

from aleph.webui.database import db
from aleph.webui.models import *
from aleph.webui.utils import hash_password
from aleph.constants import ACCOUNT_SUPERUSER

try:
    db.create_all()

    # Seed the initial administrator.
    # NOTE(review): the password is a fixed literal in the source, so every
    # install starts with the same superuser credential until it is changed.
    # Nothing here forces a change on first sign-in.
    # NOTE(review): the login and e-mail literals appear masked in this
    # listing. The hash is derived from the login 'admin', and the login view
    # hashes with the submitted username, so the stored login has to match.
    admin_user = User(
        login='******',
        email='*****@*****.**',
        password=hash_password('admin', 'changeme12!'),
    )
    admin_user.account_type = ACCOUNT_SUPERUSER
    admin_user.first_name = 'System'
    admin_user.last_name = 'Administrator'

    db.session.add(admin_user)
    db.session.commit()
    print("Database created successfully")
except Exception as e:
    # Any failure is only reported on stdout; the script then ends normally,
    # so its exit status does not tell a caller that setup failed.
    print("Error creating database: %s" % str(e))
def register():
    """Self-service sign-up view, available only when registrations are on.

    Returns 404 unless the ``ALLOW_REGISTRATIONS`` config value is truthy.
    On a valid ``NewUserForm`` submission whose e-mail is not yet registered,
    a user is created with ``active=ACCOUNT_DISABLED``, committed, and a
    welcome mail is sent; the flashed message depends on whether
    ``send_email`` reported success, and the caller is redirected to
    ``users.login``. An ``OperationalError`` becomes a flashed message plus
    redirect when ``DEBUG`` is set, and a 500 otherwise.
    """
    if not app.config.get('ALLOW_REGISTRATIONS'):
        abort(404)

    form = NewUserForm()
    if form.validate_on_submit():
        try:
            # Only the e-mail address is checked for an existing account.
            # NOTE(review): a duplicate login is not checked in this view;
            # presumably the form or a database constraint covers it. Any
            # resulting error other than OperationalError is not handled
            # here -- confirm.
            # The message below confirms to the submitter that an address is
            # registered.
            if User.query.filter(User.email == form.email.data).first():
                flash(gettext('Email address already registered'))
            else:
                user = User(
                    login=form.login.data,
                    email=form.email.data,
                    password=hash_password(form.login.data, form.password.data),
                    active=ACCOUNT_DISABLED,
                )
                user.first_name = form.first_name.data
                user.last_name = form.last_name.data
                user.locale = str(get_locale())
                user.timezone = str(get_timezone())

                db.session.add(user)
                db.session.commit()

                # Build the welcome mail pieces in the original order.
                subject = gettext('Welcome to %(appname)s',
                                  appname=app.config.get('APP_TITLE'))
                sender = app.config.get('MAIL_SENDER')
                recipients = [form.email.data]
                text_body = render_template('users/mail_register.txt', user=user)
                html_body = render_template('users/mail_register.html', user=user)
                delivered = send_email(subject, sender, recipients, text_body, html_body)

                if delivered:
                    message = gettext('Account created successfully. Please check your email for instructions on activating your account')
                else:
                    message = gettext('Account created successfully but there were server-side errors while sending the email activation code. Your account needs to be manually activated.')
                flash(message)

                # NOTE(review): indentation was lost in this listing. The
                # redirect is assumed to belong to the account-created
                # branch -- confirm against the original file.
                return redirect(url_for('users.login'))
        except OperationalError:
            # The database hint is shown only in DEBUG; otherwise a bare 500.
            # NOTE(review): the session is not rolled back here.
            if not app.config.get('DEBUG'):
                abort(500)
            flash(gettext('Error creating user. Database not set'))
            return redirect(url_for('users.login'))

    return render_template('users/register.html',
                           form=form,
                           hide_sidebar=True,
                           hide_header=True,
                           class_body='bg-black',
                           class_html='bg-black')